net.shibboleth.idp.authn.impl.PopulateMultiFactorAuthenticationContext

All Implemented Interfaces:: Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class PopulateMultiFactorAuthenticationContext extends AbstractAuthenticationAction

An action that creates and populates a MultiFactorAuthenticationContext with the set of transition rules to use for coordinating activity, the executing AuthenticationFlowDescriptor and with any active "factors" found, if an active result from the MFA flow is present in the AuthenticationContext.

If the lookup strategy supplies no transition rules to use, then the AuthnEventIds.RESELECT_FLOW event is signaled.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, AuthnEventIds.RESELECT_FLOW

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class) != null

Postcondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class).getSubcontext(
  MultiFactorAuthenticationContext.class) != null

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

private class

PopulateMultiFactorAuthenticationContext.DefaultResultLookupStrategy

Default strategy function to extract embedded AuthenticationResults from inside the AuthenticationResultPrincipal collection of an active AuthenticationResult of the currently executing flow.
Field Summary

Fields

Modifier and Type

Field

Description

private Function<ProfileRequestContext,Collection<AuthenticationResult>>

activeResultLookupStrategy

Lookup strategy for active "factors" that may already be usable.

private final org.slf4j.Logger

log

Class logger.

private Function<ProfileRequestContext,MultiFactorAuthenticationContext>

multiFactorContextCreationStrategy

Lookup/creation function for the context to populate.

private Function<ProfileRequestContext,Map<String,MultiFactorAuthenticationTransition>>

transitionMapLookupStrategy

Lookup strategy for obtaining the map of transition rules to use.
Constructor Summary

Constructors

Constructor

Description

PopulateMultiFactorAuthenticationContext()

Constructor.
Method Summary

Modifier and Type

Method

Description

protected void

doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)

Performs this authentication action.

void

setActiveResultLookupStrategy(Function<ProfileRequestContext,Collection<AuthenticationResult>> strategy)

Set the lookup strategy for any active "factors" that may be reusable.

void

setMultiFactorContextCreationStrategy(Function<ProfileRequestContext,MultiFactorAuthenticationContext> strategy)

Set the lookup/creation strategy to use for the context to populate.

void

setTransitionMapLookupStrategy(Function<ProfileRequestContext,Map<String,MultiFactorAuthenticationTransition>> strategy)

Set the strategy to lookup the map of transition rules to apply.

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction
doExecute, doPreExecute, doPreExecute, setAuthenticationContextLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, doInitialize, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized

Field Details
- log
  
  @Nonnull private final org.slf4j.Logger log
  
  Class logger.
- transitionMapLookupStrategy
  
  @Nonnull private Function<ProfileRequestContext,Map<String,MultiFactorAuthenticationTransition>> transitionMapLookupStrategy
  
  Lookup strategy for obtaining the map of transition rules to use.
- multiFactorContextCreationStrategy
  
  @Nonnull private Function<ProfileRequestContext,MultiFactorAuthenticationContext> multiFactorContextCreationStrategy
  
  Lookup/creation function for the context to populate.
- activeResultLookupStrategy
  
  @Nullable private Function<ProfileRequestContext,Collection<AuthenticationResult>> activeResultLookupStrategy
  
  Lookup strategy for active "factors" that may already be usable.
Constructor Details
- PopulateMultiFactorAuthenticationContext
  
  PopulateMultiFactorAuthenticationContext()
  
  Constructor.
Method Details
- setTransitionMapLookupStrategy
  
  public void setTransitionMapLookupStrategy(@Nonnull Function<ProfileRequestContext,Map<String,MultiFactorAuthenticationTransition>> strategy)
  
  Set the strategy to lookup the map of transition rules to apply.
  
  Parameters:
  
  strategy - lookup strategy
- setMultiFactorContextCreationStrategy
  
  public void setMultiFactorContextCreationStrategy(@Nonnull Function<ProfileRequestContext,MultiFactorAuthenticationContext> strategy)
  
  Set the lookup/creation strategy to use for the context to populate.
  
  Parameters:
  
  strategy - lookup/creation strategy
- setActiveResultLookupStrategy
  
  public void setActiveResultLookupStrategy(@Nullable Function<ProfileRequestContext,Collection<AuthenticationResult>> strategy)
  
  Set the lookup strategy for any active "factors" that may be reusable.
  The default strategy is to look for an active AuthenticationResult of the flow currently being attempted, and check within it for AuthenticationResultPrincipal objects.
  
  Parameters:
  
  strategy - lookup strategy
- doExecute
  
  protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext)
  
  Performs this authentication action. Default implementation throws an exception.
  
  Overrides:
  
  doExecute in class AbstractAuthenticationAction
  
  Parameters:
  
  profileRequestContext - the current IdP profile request context
  
  authenticationContext - the current authentication context

Class PopulateMultiFactorAuthenticationContext

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.shared.component.InitializableComponent

Field Details

log

transitionMapLookupStrategy

multiFactorContextCreationStrategy

activeResultLookupStrategy

Constructor Details

PopulateMultiFactorAuthenticationContext

Method Details

setTransitionMapLookupStrategy

setMultiFactorContextCreationStrategy

setActiveResultLookupStrategy

doExecute